While most VoIP-related vulnerabilities are posted to the VOIPSA mailing list or blog, I thought it might be useful to have a informal quarterly summary of sorts among VoIP devices per searches from NIST. I hope folks find it helpful, and of course post comments if I’ve overlooked anything from 1 January 2008 through 31 March 2008.
VoIP Firewalls
- CVE-2008-0263 Ingate Firewall & SIParator 1/15/2008
Cisco Phones
- CVE-2008-0531 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
- CVE-2008-0530 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
- CVE-2008-0529 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
- CVE-2008-0528 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
- CVE-2008-0527 Cisco Unified IP Phone 7935 and 7936 2/14/2008
- CVE-2008-0526 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
- CVE-2008-1113 Cisco Unified Wireless IP Phone 7921 3/3/2008
Snom Phones
- CVE-2008-1251 Snom 320 SIP Phone 3/10/2008
- CVE-2008-1250 Snom 320 SIP Phone 3/10/2008
- CVE-2008-1249 Snom 320 SIP Phone 3/10/2008
- CVE-2008-1248 Snom 320 SIP Phone 3/10/2008
Vocera Phones
- CVE-2008-1114 Vocera Communications wireless handsets 3/3/2008
Routers & Gateways
- CVE-2008-1334 BT Home Hub router 3/13/2008
Asterisk PBX
- CVE-2008-1289 Asterisk Open Source 3/24/2008
- CVE-2008-1390 Asterisk Open Source 3/24/2008
- CVE-2008-1332 Asterisk Open Source 3/19/2008
- CVE-2008-1333 Asterisk Open Source 3/19/2008
Cisco Call Manager
- CVE-2008-0026 Cisco Unified CallManager/Communications Manager 2/14/2008
- CVE-2008-0027 Cisco Unified Communications Manager 1/16/2008
UPDATE 4/15/08
Pingback: IT Security » Blog Archive » Laundry List of VoIP Vulnerabilities
Pingback: Sicurezza, VoIP ed Asterisk -- Daily Asterisk
Pingback: usken.no - VoIP news! » Blog Archive » The quarterly VoIP vulnerability list.